The mailinglist script droped the attachment from Matthew (esx-carp.diff):
Index: ip_carp.c
===================================================================
RCS file: /home/ncvs/src/sys/netinet/ip_carp.c,v
retrieving revision 1.52.2.3
diff -u -r1.52.2.3 ip_carp.c
--- ip_carp.c 9 May 2009 00:35:38 -0000 1.52.2.3
+++ ip_carp.c 26 Jul 2009 16:53:24 -0000
@@ -143,6 +143,8 @@
 &carp_opts[CARPCTL_LOG], 0, "log bad carp packets");
 SYSCTL_INT(_net_inet_carp, CARPCTL_ARPBALANCE, arpbalance, CTLFLAG_RW, &carp_opts[CARPCTL_ARPBALANCE], 0, "balance arp responses");
+SYSCTL_INT(_net_inet_carp, CARPCTL_DROPECHOED, drop_echoed, CTLFLAG_RW,
+ &carp_opts[CARPCTL_DROPECHOED], 0, "drop packets echoed to sender");
 SYSCTL_INT(_net_inet_carp, OID_AUTO, suppress_preempt, CTLFLAG_RD, &carp_suppress_preempt, 0, "Preemption is suppressed");
@@ -552,6 +554,28 @@
 return;
 }
+ /*
+ * verify that the source address is not valid
+ * for the interface it was received on. this
+ * tends to happen with VMWare ESX vSwitches.
+ */
+ if (carp_opts[CARPCTL_DROPECHOED]) {
+ struct ifnet *ifp = m->m_pkthdr.rcvif;
+ struct ifaddr *ifa;
+ IF_ADDR_LOCK(ifp);
+ TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) {
+ struct in_addr in4;
+ in4 = ifatoia(ifa)->ia_addr.sin_addr;
+ if (ifa->ifa_addr->sa_family == AF_INET &&
+ in4.s_addr == ip->ip_src.s_addr) {
+ m_freem(m);
+ IF_ADDR_UNLOCK(ifp);
+ return;
+ }
+ }
+ IF_ADDR_UNLOCK(ifp);
+ }
+
 /* verify that the IP TTL is 255. */
 if (ip->ip_ttl != CARP_DFLTTL) {
 carpstats.carps_badttl++;
@@ -644,6 +668,28 @@
 return (IPPROTO_DONE);
 }
+ /*
+ * verify that the source address is not valid
+ * for the interface it was received on. this
+ * tends to happen with VMWare ESX vSwitches.
+ */
+ if (carp_opts[CARPCTL_DROPECHOED]) {
+ struct ifnet *ifp = m->m_pkthdr.rcvif;
+ struct ifaddr *ifa;
+ IF_ADDR_LOCK(ifp);
+ TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) {
+ struct in6_addr in6;
+ in6 = ifatoia6(ifa)->ia_addr.sin6_addr;
+ if (ifa->ifa_addr->sa_family == AF_INET6 &&
+ memcmp(&in6, &ip6->ip6_src, sizeof(in6)) == 0) {
+ m_freem(m);
+ IF_ADDR_UNLOCK(ifp);
+ return (IPPROTO_DONE);
+ }
+ }
+ IF_ADDR_UNLOCK(ifp);
+ }
+
 /* verify that the IP TTL is 255 */
 if (ip6->ip6_hlim != CARP_DFLTTL) {
 carpstats.carps_badttl++;
Index: ip_carp.h
===================================================================
RCS file: /home/ncvs/src/sys/netinet/ip_carp.h,v
retrieving revision 1.3
diff -u -r1.3 ip_carp.h
--- ip_carp.h 1 Dec 2006 18:37:41 -0000 1.3
+++ ip_carp.h 26 Jul 2009 16:53:24 -0000
@@ -1,4 +1,4 @@
-/* $FreeBSD: src/sys/netinet/ip_carp.h,v 1.3 2006/12/01 18:37:41 imp Exp $ */
+/* $FreeBSD: src/sys/netinet/ip_carp.h,v 1.3.8.1 2009/04/15 03:14:26 kensmith Exp $ */
 /* $OpenBSD: ip_carp.h,v 1.8 2004/07/29 22:12:15 mcbride Exp $ */
 /*
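Review bot: In the `@@ -552,6 +554,28 @@` hunk the loop reads `ifatoia(ifa)->ia_addr.sin_addr` before it tests `ifa->ifa_addr->sa_family`, so every non-AF_INET entry on `if_addrlist` (link-level, IPv6) is reinterpreted as a `struct in_ifaddr` and read at an offset its allocation may not cover. Test the family first, `if (ifa->ifa_addr->sa_family != AF_INET) continue;`, and only then compare `ifatoia(ifa)->ia_addr.sin_addr.s_addr` with `ip->ip_src.s_addr`. The `@@ -644,6 +668,28 @@` hunk has the same ordering with `ifatoia6(ifa)` and `AF_INET6`. Both enclosing functions start and end outside their hunks.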
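Review bot: The drop added in the `@@ -644,6 +668,28 @@` hunk frees the mbuf and returns without touching `carpstats`, unlike the TTL check directly below it, which counts its rejects with `carpstats.carps_badttl++`; the IPv4 hunk at `@@ -552,6 +554,28 @@` does the same. With `drop_echoed` enabled, an operator then cannot tell echoed advertisements from ones that never arrived, nor notice another host sending CARP packets that carry this host's source address. A dedicated counter bumped before `m_freem(m)` would make that visible; no such `carpstats` field appears in this patch, so it would have to be added to the structure in ip_carp.h.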
@@ -140,7 +140,8 @@
 #define CARPCTL_LOG 3 /* log bad packets */
 #define CARPCTL_STATS 4 /* statistics (read-only) */
 #define CARPCTL_ARPBALANCE 5 /* balance arp responses */
-#define CARPCTL_MAXID 6
+#define CARPCTL_DROPECHOED 6 /* drop packets echoed to the sender */
+#define CARPCTL_MAXID 7
 #define CARPCTL_NAMES { \
 { 0, 0 }, \
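Review bot: `CARPCTL_MAXID` goes from 6 to 7 here, but no hunk visible in this patch adds a matching entry to the `CARPCTL_NAMES` table whose definition begins in the trailing context, so, if the table is indexed by control id as its `{ 0, 0 }` first entry suggests, slot 6 would be left without a name. Add an entry such as `{ "drop_echoed", CTLTYPE_INT }, \` in the position for id 6. The table body continues past the end of the hunk, so its existing entries should be checked to confirm that position.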